fraud_reportswikiaorg-20200214-history
VIP Pharmacy
Description Another fake pharmacy in the Bulker.biz (now bulkerbiz.com) tradition. Credit card information is unsafe. The site makes false claims: * Awards are false. * It claims to be a licensed online pharmacy, but displays no license. * It claims to be secure, with a Thawte logo, but the ordering page is unsecure http. False Pretenses Like many fake sites, VIP Pharmacy makes false claims to use security when transferring credit card details Please, enter all your billing information as it appears at your card. All fields are required. All the information you enter into this form will be sent to the server through 128-bit secure connection at the final step. However, the site shows the page for entering sensitive credit card data as "http" - making this an obvious false claim. Fake Registration Like other Bulkerbiz.com family sites, VIP Pharmacy uses identity theft to register its domain names and stolen credit/debit cards to pay for those registrations. Victims whose personal information has been used to register one of these sites should follow the steps outlined here. Sponsoring Registrars Domains and name servers are typically registered across multiple registrars. While Xin Net and Moniker were previously regularly used for nameserver domain registrations, their increased responsiveness to abuse complaints appears to have encouraged Bulkerbiz.com to rely on Naunet, which does not suspend domains, and Beijing Innovative, which has spam filters on its abuse reporting mailboxes. Example: domain wsrepredent.net Domain registered with The Name It Corp. d/b/a/ Nameservice.net (AITDomains) * ns1.citelixir.com (Beijing Innovative Linkage Technology d/b/a dns.com.cn) * ns1.dustkeeneyed.com (Xin Net) * ns2.kindnessfus.ru (NAUNET-REG-RIPN) Example: domain sclafermarch.com Domain registered with Enetica Pty. Ltd. * ns1.forgerdub.com (Beijing Innovative Linkage Technology d/b/a dns.com.cn) * ns2.fogsignalvoy.com (Beijing Innovative Linkage Technology d/b/a dns.com.cn) History As with all Bulkerbiz.com brands, the images can be accessed from any of the image servers that any of their other brands currently use (until such servers are disinfected of their trojan horse viruses). For example: http://77.245.149.25:8080/e/ct/images/mid_07.jpg can be seen using the IP address of an active hijacked image server used by multiple other brands on multiple domains. Related Brands In early 2008, two brands began to be noted following the typical patterns of the other Bulkerbiz.com sites. Interestingly, these brands appear to have existed since early 2007, but the surviving older sites for these brands do not use the Bulkerbiz.com nameservers or image servers. However, in all cases, the words "VIP Pharmacy" appear at the bottom of the page to identify the brand, so it does not appear to be the case that the older sites are unrelated operations which were simply copied by Bulkerbiz.com. No spam for these related brands has been observed yet, but they are clearly part of the same operation. In July, 2008, spam for the Cialis Soft Tabs brand reappeared, featuring the older VIP image. At the bottom of the page for these sites is the notice "© VIP Pharmacy, 2001-2008." In the case of these three minor brands, although they are not spammed, the characteristic features of Bulkerbiz.com domains are seen: * Nameservers reside on the same IP addresses * Websites reside on the same IP addresses * Images load from the same IP addresses * Domains are registered using stolen identities rather than fictitious names * Domain names are the same as other Bulkerbiz.com domains but using different TLD's The Eva Discounts brand is atypical, but exploring the directory heading leads to pages with more familiar appearances and with images hosted on the common servers. In addition to the identity theft, which includes payment using stolen credit/debit cards, the servers are known to be hijacked Unix servers. These features mark these brands as part of an illegal operation. Any such domains should be suspended whether spammed or not. Canadian Health&Care Mall, another Bulkerbiz.com brand with more dramatically fraudulent websites, currently shares many domains with VIP Pharmacy. Example: *http://sarpletgans.com/ is VIP Pharmacy. *http://sarpletgans.com/ch/ is Canadian Health&Care Mall. Sample Spam thumb|left Warm Greetings!!! Unequalled proposition for you Dear Clients!!! Only these 5 days for our clients unthinkable offer!!! On all preparations you want!!! Fill in your life with colours of bliss!!! http://elcahm.encalkulat.com/?bdfgijkahmxowquyelzchcmc Yours truly, Online association of pharmaceutists For Cialis Soft Tabs: Subject: Cheapest cialis Cheapest cialis - http://www.orterbaydym.com/ How to Report this Spam The Complainterator is configured to report this spamming operation. Sponsor Organization Bulker.biz is the sponsor organization behind this type of site. They pay spammers to promote it, and they don't shut down illegal spammers. Related spam operations See: Bulker.biz Category:Well-known Spam Category:Bulkerbiz Spam Category:Yambo family Category:Pharma spam